mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-05-02 06:02:03 +00:00
6218b1b8da
This is a security release: - In Waitress version 1.4.2 a new regular expression was added to validate the headers that Waitress receives to make sure that it matches RFC7230. Unfortunately the regular expression was written in a way that with invalid input it leads to catastrophic backtracking which allows for a Denial of Service and CPU usage going to a 100%. Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Khem Raj <raj.khem@gmail.com>